in the future is a red herring. No
certification purports to ensure the
future performance of the qualifying
person or entity. That
is not the purpose
of the designation.

A certification is an
attestation that a
person or organization
has the requisite
qualifications,
attributes, and abilities
to meet the mandatory
requirements of a
given standard. With
respect to ISO 37001, the certification
verifies that an organization invested
the necessary time, effort, and resources
to develop and implement an effective
anti-bribery management system that
conforms to international best practices.

That said, the standard, through its
mandatory documentation requirements,
provides a mechanism by which one can
reliably determine whether a certified
organization continues to “do compliance”
in accordance with the standard. That is,
under ISO 37001, every critical activity
for the effective performance of the
anti-bribery management system must
be documented by the organization.

With a clearunderstanding ofwhat should bedocumented, anynon-compliant organization will easilybe exposed.

Conclusion

ISO 37001 is not without its critics. And
although there are valid points of discussion,
the suggestion that the certification is
worthless because it does not ensure
that the certified organization is “doing
compliance” or will “do compliance” in
the future demonstrates a fundamental
misunderstanding as to the standard’s
mandates, the certification process, and the
mandatory documentation requirements. In
the final analysis, the ISO 37001 certification
brings substantial value as it provides an
objective means by which an organization can
demonstrate that its anti-bribery management
system conforms to international best
practices. Moreover, and contrary to the critics’
argument, the certification provides implicit
assurances that the certified organization is
and will continue “to do compliance.” You can
check the box on that!

Ramsey Kazem ( rkazem@thethreetwelvegroup.com) is Managing Director
of Three Twelve Group in Atlanta, GA.

With a clearunderstanding of whatshould be documented,any non-compliantorganization will easilybe exposed.